4.4
CVE-2024-45636
- EPSS 0.09%
- Veröffentlicht 11.06.2026 15:10:38
- Zuletzt bearbeitet 16.06.2026 16:26:21
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM Security QRadar EDR Software has a vulnerability where user credentials may be stored in plain text, potentially exposing sensitive information.
IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Security Qradar Edr Version >= 3.12 < 3.12.25
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.008 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.4 | 0.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
| psirt@us.ibm.com | 4.1 | 0.5 | 3.6 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
|
CWE-256 Plaintext Storage of a Password
The product stores a password in plaintext within resources such as memory or files.
CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
https://www.ibm.com/support/pages/node/7274828